En

HAProxy官网安全更新(2020-07-31)

来源:HAProxy官网 发布日期:2020-07-31 阅读次数:1673 评论:0

基本信息

发布日期:2020-07-31(官方当地时间)

更新类型:安全更新

更新版本:1.9

感知时间:2020-07-31 20:54:08

风险等级:未知

情报贡献:TSRC

更新标题

普通更新

更新详情

2020/07/31 : 1.9.16
- DOC: Improve documentation on http-request set-src
- BUG/MINOR: ssl: default settings for ssl server options are not used
- BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
- BUG/MINOR: tools: fix the i386 version of the div64_32 function
- BUG/MINOR: http: make url_decode() optionally convert '+' to SP
- DOC: option logasap does not depend on mode
- BUG/MINOR: check: Update server address and port to execute an external check
- MINOR: checks: Add a way to send custom headers and payload during http chekcs
- BUG/MINOR: checks: Respect the no-check-ssl option
- BUG/MINOR: checks: chained expect will not properly wait for enough data
- BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
- BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
- BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
- BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
- BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
- BUG/MEDIUM: shctx: really check the lock's value while waiting
- BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
- REGTEST: ssl: test the client certificate authentication
- BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection
- Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
- BUG/MEDIUM: server/checks: Init server check during config validity check
- BUG/MINOR: checks/server: use_ssl member must be signed
- BUG/MEDIUM: checks: Always initialize checks before starting them
- BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
- BUG/MINOR: checks: Remove a warning about http health checks
- BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
- BUG/MINOR: sample: Set the correct type when a binary is converted to a string
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
- BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
- BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
- BUG/MINOR: http-ana: fix NTLM response parsing again
- BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
- BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
- BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
- BUG/MINOR: pollers: remove uneeded free in global init
- BUILD: select: only declare existing local labels to appease clang
- BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
- BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
- BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
- BUG/MINOR: lua: Add missing string length for lua sticktable lookup
- BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
- SCRIPTS: publish-release: pass -n to gzip to remove timestamp
- BUG/MINOR: peers: fix internal/network key type mapping.
- BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
- BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
- BUG/MINOR: logs: prevent double line returns in some events.
- BUG/MEDIUM: logs: fix trailing zeros on log message.
- BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version
- MINOR: haproxy: add a reminder that this is the last version of 1.9
- BUILD: makefile: adjust the sed expression of "make help" for solaris
- BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
- BUG/MINOR: init: -x can have a parameter starting with a dash
- BUG/MINOR: init: -S can have a parameter starting with a dash
- BUG/MEDIUM: mworker: fix the reload with an -- option
- BUG/MINOR: mworker: fix a memleak when execvp() failed
- BUG/MEDIUM: pattern: fix thread safety of pattern matching
- BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0
- BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness
- BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks
- BUG/MINOR: spoe: add missing key length check before checking key names
- BUG/MINOR: cli: allow space escaping on the CLI
- BUG/MINOR: mworker/cli: fix the escaping in the master CLI
- BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI
- MEDIUM: map: make the "clear map" operation yield
- BUG/MINOR: systemd: Wait for network to be online
- BUG/MINOR: spoe: correction of setting bits for analyzer
- MINOR: spoe: Don't systematically create new applets if processing rate is low
- BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL
- MINOR: cli: make "show sess" stop at the last known session
- DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list
- BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible
- BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash
- BUG/MINOR: proxy: always initialize the trash in show servers state
- BUG/MINOR: http_act: don't check capture id in backend (2)
- BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server
- BUG/MINOR: sample: Free str.area in smp_check_const_bool
- BUG/MINOR: sample: Free str.area in smp_check_const_meth
- BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
- BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
- BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp()
- MINOR: pools: increase MAX_BASE_POOLS to 64
- BUG/MINOR: cfgparse: don't increment linenum on incomplete lines
- BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete
- BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
- BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
- DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x

软件描述

HAProxy是一个使用C语言编写的自由及开放源代码软件[1],其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入